Legal

Privacy Policy

Effective April 16, 2026

This Privacy Policy explains what personal data Alerne ("Alerne", "we", "us") collects when you use our service at alerne.com, how we use it, who we share it with, and what rights you have. It's written to be readable. If something is unclear, email contact@alerne.com.

1. Who is the data controller

Alerne is operated from Kazakhstan and is the data controller for personal data processed via the service. For questions about this policy, to exercise your rights, or to request controller details, contact contact@alerne.com.

2. What we collect

Account data. When you sign up, we collect your email address, a hashed password (or OAuth identifier if you sign in with a provider), account timestamps, and any profile information you add.

Content you create. Prompts, course topics, chat messages, quiz answers, uploaded files, review ratings, and any other input you provide to generate or interact with learning material.

Generated content. Courses, lessons, quizzes, flashcards, and chat responses generated for you, plus metadata like mastery scores and review schedules.

Usage data. Pages visited, features used, button clicks, session duration, approximate location derived from IP (country/region), device and browser characteristics, referrer, and error reports.

Billing data. If you subscribe to Pro, our payment provider collects your payment details directly. We receive and store your subscription status, billing email, invoice history, and a customer reference — not your full card number.

Cookies and similar technologies. We use strictly necessary cookies (auth session, CSRF protection) and analytics cookies (see Section 6). You can control non-essential cookies via your browser or our cookie controls where shown.

3. Why we process your data (legal basis)

  • To provide the service — generating courses, storing your progress, authenticating you, processing payments. Legal basis: performance of a contract (GDPR Art. 6(1)(b)).
  • To improve the service — analytics, error monitoring, usage patterns. Legal basis: legitimate interests in maintaining and improving Alerne (GDPR Art. 6(1)(f)), balanced against your rights.
  • To communicate with you — transactional emails (password reset, billing, review reminders if opted in). Legal basis: contract or consent for optional reminders.
  • To comply with law — tax records, responding to lawful requests. Legal basis: legal obligation (GDPR Art. 6(1)(c)).
  • To prevent abuse — rate limiting, fraud, security. Legal basis: legitimate interests.

We do not use Your Content or Generated Content to train AI models. Our AI providers are configured for zero-retention or short-retention inference only (see Section 5).

4. Who we share data with

We use trusted third-party processors to run Alerne. We share the minimum data necessary, and they are contractually bound to protect it. We share data with providers in the following categories:

  • Cloud hosting and content delivery — serving the application and storing files you upload. Shared: request metadata, IP, uploaded files.
  • Managed database — primary storage of account data, content, and learning progress.
  • Payment processing — handling subscriptions and invoices. Shared: billing email, payment details you provide at checkout, customer reference.
  • Transactional email — sending auth emails, receipts, and opt-in reminders. Shared: email address, email content.
  • Product analytics and error monitoring — understanding usage and diagnosing bugs. Shared: usage events, pseudonymous user ID, device info, error stack traces.
  • AI model providers — running the inference that powers course and lesson generation, chat, and related features. Shared: prompts and the context needed for the response.

We may also share data with law-enforcement or regulators when legally required, or in connection with a corporate transaction (merger, acquisition, asset sale) — in which case we'll notify you before your data becomes subject to a new policy.

If you want the specific current list of providers we use, email contact@alerne.comand we'll share it on request.

5. AI providers and your content

When you generate a course or chat with the lesson assistant, your prompt and relevant context are sent to AI model providers for inference. We select providers and configurations that:

  • Do not retain prompts or outputs beyond what's needed to return the response
  • Do not train models on API traffic by default
  • Comply with reasonable enterprise data-handling standards

Provider policies can change. We review them periodically and will update this policy if the categories of providers we rely on change.

6. Cookies and analytics

Essential cookies (auth session, CSRF token) are required for the site to work and cannot be disabled.

Analytics. We use PostHog (hosted in the EU) to understand how people use Alerne — which features matter, where people get stuck. Analytics events are pseudonymous where possible. You can opt out by blocking analytics cookies in your browser or using a tracker-blocking extension.

7. International transfers

Alerne is operated from Kazakhstan, and some of our processors are based in the US, the EEA, or other countries. Your data may therefore be transferred, stored, and processed outside your country of residence. Where applicable, we rely on EU Standard Contractual Clauses (SCCs), the UK Addendum, or equivalent safeguards to protect personal data transferred internationally.

8. How long we keep data

  • Account data: while your account is active, and up to 90 days after deletion for backups and fraud prevention.
  • Course content and progress: while your account is active; deleted with your account.
  • Billing records: as required by tax and accounting law (typically 7 years).
  • Analytics events: up to 12 months, then aggregated or deleted.
  • Error logs: up to 90 days.

9. Your rights

If GDPR or UK GDPR applies to you, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Restrict or object to certain processing
  • Export your data in a portable format
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with your local data-protection authority

If you live in California, CCPA/CPRA gives you similar rights, including the right to know, delete, and opt out of "sales" or "sharing" of personal data. We do not sell your personal data.

To exercise any right, email contact@alerne.com. Most requests are handled from your account settings directly — you can delete your account, which purges your content.

10. Security

We use industry-standard measures: TLS in transit, encryption at rest for database storage, hashed passwords, scoped access controls, and regular dependency patching. No system is perfectly secure; if we detect a breach affecting your personal data, we'll notify you and the relevant authorities as required by law.

11. Children

Alerne is not directed at children under 13 (or under the minimum age of digital consent in your country). We do not knowingly collect personal data from children. If you believe a child has registered, email us and we'll delete the account.

12. Changes to this policy

We'll post updates on this page with a new effective date. Material changes will be announced by email or in-app notice.

13. Contact

Privacy questions or requests: contact@alerne.com. See also our Terms of Service.